The National CIE Strategy is built on five integrated pillars, offering a set of recommendations to incorporate CIE as a common practice across the energy sector.
Awareness
Raise awareness of the CIE approach, its application potential, and major benefits among decision makers in the Energy Sector Industrial Base—including owners and operators, system engineers, manufacturers, researchers, and government leaders.
CIE requires a culture shift in the energy industry on par with the culture change for safety in engineering that has taken place over the last several decades. To initiate this shift, we must build an understanding throughout the entire energy infrastructure ecosystem of what CIE is, why it is needed, and how and where it can be applied.
CIE will require training and expertise, a shift in design and operational approaches, and engineering changes to the infrastructure that delivers energy functions critical to national and economic security. To build long-term support for and accelerate these changes, it is imperative that the nation’s energy infrastructure decision makers understand CIE and its potential to limit the ability of cyber-based attacks to generate significant impacts.
Education - Stub
Develop a pipeline of CIE practitioners through education, training, and certification of CIE knowledge and skills.
Building the workforce needed to apply CIE principles to the entire energy infrastructure ecosystem will require a multi-pronged approach. Navigating competing cybersecurity priorities in academia to build CIE into education and training will require a sustained effort, with strong support from not only trainers and educators, but also industry employers, who create the demand signal for skills. Building these resources can expand the diversity, capability, and capacity of the energy sector workforce.
Development - Stub
Mature CIE approaches and promote broad application by building a repository of tools, practices, methods, and other enrichments that practitioners can draw upon to apply CIE to existing and new infrastructure and validate CIE applications. Document lessons learned from applying CIE principles to a diverse range of infrastructure at different levels of criticality and use those lessons to continuously develop and mature tailored guidance, case studies, and practices available to the Energy Sector Industrial Base.
Current Infrastructure
Use a consequence-driven approach to identify and apply CIE principles to the nation’s systemically important critical infrastructure already commissioned and in service today. This targeted approach can better secure existing infrastructure by both increasing costs to adversaries and denying their ability to inflict unacceptable consequences on the nation’s critical functions.
Future Infrastructure
Nurture and sustain an Energy Sector Industrial Base that enables manufacturers and asset owners to apply CIE principles into the full lifecycle (design, construction, operation, maintenance, and decommissioning) of newly commissioned critical infrastructure systems. The domestic industrial base will supply a sufficient diversity and quantity of resilient goods and services to include cybersecurity in existing engineering approaches and realize an infrastructure system built on CIE principles and strategies.
Achieving this vision requires a focus on conducting research and design of future energy systems using CIE, as well as supporting the technology and business ecosystem of how new systems are applied, operated, and maintained. Applying CIE principles and strategies offers the opportunity to grow a domestic manufacturing base of resilient energy systems and components, aligning to policy recommendations directed in the Executive Order on America’s Supply Chains (E.O. 14017), and DOE’s report, “America’s Strategy to Secure the Supply Chain for a Robust Clean Energy Transition,” issued in 2022. Applying CIE also leverages a strategic opportunity to establish and maintain leadership in advanced renewable energy systems that increase energy security and reduce emissions.